More on Protecting Source Code
sadams123 at optushome.com.au
Tue Sep 17 00:50:39 EDT 2002
"David LeBlanc" <whisper at oz.net> wrote in message
news:mailman.1032232999.22661.python-list at python.org...
> I have read what I consider to be the narrow minded and short sighted
> wrt to protecting IP in the form of Python source code, and I would like
> make a few points.
> * Not everyone believes that all or most software ought to be free. I for
> one, don't.
> * Owners of property have the right to control it. If you disagree and own
> nice car or house, I'll be right over :->
> * Why invest a substantial amount of time and money developing in a
> that makes it trivial to gain access to the work product?
> Python may be easy to use, but if it's also easy to steal software written
> in it, that's an impediment to it's being widely used in commercial
> products, especially shrink-wrapped products. Perhaps that's a reason why
> there seems to be so few commercial products in Python, beyond those that
> are fairly closely licensed and/or have substantial parts of the app
> in C/C++.
but if you're worried about protecting your IP, then wouldn't your package
be under a closed license?
> I suppose one solution is to modify the Python interpreter with different
> op-codes and that ought to make it somewhat painful for the average
> A better solution is to make a .pyc file approximately as hard as a binary
> .exe file to decompile - however that could be done.
>From what I've read of that thread, the gist of it was
"once its released, a determined person can, to some extent get your code"
"Security through obscurity is no security against a determined attacker"
So, someone who is willing to hacka nd hack and hack away at your code, can
get at it, and this is true for things coded in assembler, C, Python or
Befunge. Most people aren't determined attackers, they're simply Joe Average
who needs to get a job done.
An operating system is a complex beast, compiled into machine code its even
more complex, how many people out there are using an unlicensed copy of
Windows or Office? they didn't decompile, that would take skill, they just
copied it bit for bit and posted the registration key.
Do a very very simple risk analysis. Who is your target audience, what is
the price of your software, will people bother going through your bytecode,
or will they just post the registration key to a website? Will stolen
software lead to a loss in revenue - or will those pirate users be people
who would never have bought it in the first place? (yes, the pirate users
are annoying, and you would feel ripped off, but OTOH you haven't lost
money, and you've gained a bunch of users)
More information about the Python-list